Detecting Gunra ransomware with Wazuh

/ Engineering

Gunra ransomware is a recently identified threat that has been observed targeting Windows endpoints across multiple industries worldwide, including manufacturing and energy sectors. Known for its encryption capabilities and exfiltration tactics, the ransomware follows a double-extortion model, encrypting victim data while simultaneously threatening to leak stolen information on its Tor-hosted leak site. Gunra’s malicious behavior […]

Security observability on Linux with Wazuh and Tetragon

/ Engineering

Security observability allows security teams to gain comprehensive visibility into the security posture of systems, applications, and networks by collecting and analyzing telemetry from various sources. These data sources, including logs, metrics, and traces, provide deep insights into diagnosing system issues and investigating security incidents. They also help to detect and respond to potential threats […]

Detecting Koske malware with Wazuh

/ Engineering

Koske malware is a new, trending malware that Aqua Nautilus first identified in July 2025. It is believed to be an AI-generated malware designed for cryptocurrency mining operations on Linux endpoints. The structure and characteristics of its code suggest that it may have been developed using large language models (LLMs) or automation frameworks. Koske is […]

Network security monitoring with Wazuh and Zeek

/ Engineering

Network security focuses on ensuring the integrity, confidentiality, and availability of computer networks and data by preventing unauthorized access, misuse, or disruption. Continuous network monitoring provides visibility into network activity, enabling organizations to detect issues, optimize performance, and identify potential threats before they escalate into serious incidents. Wazuh is an open source SIEM/XDR platform that […]

Integrating Admin By Request (ABR) with Wazuh

/ Engineering

Admin By Request (ABR) is a Privileged Access Management (PAM) tool designed for managing local administrator privileges. Granting permanent administrator rights can expose organizations to malware, privilege misuse, and compliance risks. Admin By Request addresses this by allowing users to request temporary, audited admin access when needed, eliminating the need for permanent local administrator rights. […]

Detecting defense evasion techniques with Wazuh

/ Engineering

Defense evasion techniques are methods that threat actors use to conceal their presence, bypass security mechanisms, and operate undetected on compromised systems. By evading detection, adversaries can maintain persistence and continue malicious activity even during active monitoring or security scans. Common defense evasion methods include disabling or uninstalling security tools, tampering with event logs, obfuscating […]

Integrating ServiceNow with Wazuh

/ Engineering

ServiceNow is a cloud-based platform for IT Service Management (ITSM) that helps organizations manage digital workflows for enterprise operations. It provides a centralized system for handling incidents, changes, and requests, enabling process automation, visibility across departments, and structured response procedures. Integrating ServiceNow with Wazuh combines Wazuh threat detection and response capabilities with ServiceNow incident management. […]

Measuring Wazuh performance and operational efficiency

/ Engineering

Measuring performance and operational efficiency of your XDR/SIEM ensures that it runs reliably, scales effectively, and delivers timely security insights. Monitoring metrics like resource usage, connection times, and log processing helps identify bottlenecks, optimize configurations, and prevent downtime. It also ensures that threat detection and intelligence coverage remain consistent, even under high workloads. The Wazuh […]

Detecting LodaRAT malware with Wazuh

/ Engineering

LodaRAT is a remote access trojan (RAT) known for stealing sensitive data, executing commands, and maintaining persistence on infected systems. Commonly spread via phishing and malicious documents, it now uses advanced tactics like process injection, encrypted C2, and data exfiltration through legitimate services. Recently, a new variant of LodaRAT emerged that can steal saved passwords […]

Monitoring MariaDB server with Wazuh

/ Engineering

MariaDB is an open source database system that stores and manages structured data. It is often chosen for its reliability, speed, and compatibility with MySQL. Many websites, applications, and services use MariaDB to handle data securely and efficiently. Monitoring MariaDB provides real-time visibility into database activities, helping to detect suspicious behavior, prevent unauthorized access, and […]

Integrating Dependency-Track with Wazuh

/ Engineering

Dependency-Track is an open source platform that helps organizations identify and mitigate risks in their software supply chain. It achieves this by analyzing Software Bills of Materials (SBOMs), each of which is a detailed inventory of all software components, libraries, and modules that comprise an application. Dependency-Track can be integrated into CI/CD pipelines to analyze SBOMs generated […]

Detecting Auto-color malware with Wazuh

/ Engineering

Auto-color is a stealthy Linux backdoor used in cyberattacks targeting government institutions and universities across North America and Asia. Attributed to an unknown threat actor, Auto-color is specifically designed for persistence and evasion, allowing it to remain undetected on infected systems for extended periods. The malware disguises itself as a harmless color-enhancement utility to avoid […]
